
Do we need a server-side policy file?

 
Holmes Wong
Ranch Hand
Posts: 163
Hi, Ranchers:
I am wondering if we need a server-side policy file. Several people mentioned this file, and I don't know why we need it. Is a client-side policy file enough for our assignment? Thanks.
 
Mark Spritzler
ranger
Sheriff
Posts: 17278
Yes, the client side is good enough. You can even be fine without any on either side, as we have found out.
Mark
 
Leonardo Wang
Greenhorn
Posts: 17
I have a policy file on the client side, primarily for the RMI SocketPermission, and don't have a policy file for the server.
SCJD2, SCJP2
 
Wickes Potgieter
Ranch Hand
Posts: 68
So basically we don't need any policy file at all??
 
Robin Underwood
Ranch Hand
Posts: 117
My code has been running fine without any security policy at all, but I wonder if it will hurt my score. Does anyone know if you lose points for not having a security policy?
 
Mark Spritzler
ranger
Sheriff
Posts: 17278
No Robin, it won't hurt your score.
Mark
 
Ramesh kumaar
Ranch Hand
Posts: 146
Hello All,

Could any of you please explain to me what the need for a policy file is and how to configure it?
-rameshkumar
 
Mark Spritzler
ranger
Sheriff
Posts: 17278
A policy file is a file with Permissions. It basically sets up the permissions the "User" has on the system, like whether they can read or write to a particular file, whether they can see other directories, and other security permissions. If you have a SecurityManager you need a policy file.
Mark
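
As an added illustration (not part of the original thread and not taken from the assignment), here is a client-side policy file of the kind discussed above, with an over-broad grant shown beside a narrowed one. The jar path, host name and port range are assumed placeholders.

```conf
// client.policy (constructed example; jar path, host name and ports are placeholders)

// Over-broad: every class on the class path may do anything, so the
// SecurityManager is installed but restricts nothing.
// grant {
//     permission java.security.AllPermission;
// };

// Narrowed: only code loaded from the client jar may open sockets,
// and only to the RMI server host.
grant codeBase "file:/opt/fbn/client.jar" {
    // 1099 is the default rmiregistry port; exported remote objects listen
    // on an anonymous port unless one is chosen at export time, hence the range.
    permission java.net.SocketPermission "rmi.example.com:1024-65535", "connect,resolve";
};

// The file only takes effect when the client JVM runs with a security manager:
//   java -Djava.security.manager -Djava.security.policy=client.policy -jar client.jar
```

The Security Manager and its policy files were deprecated for removal in Java 17, so this applies to the older JDKs this thread concerns.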
 
Ramesh kumaar
Ranch Hand
Posts: 146
Hi Mark,
Mark wrote
------------------------------------------------
If you have a SecurityManager you need a policy file.
------------------------------------------------
Could you please explain SecurityManager to me in detail: what is the need for having a SecurityManager, and how to implement it?
Thanks & regards,
-rameshkumar.
 
Mark Spritzler
ranger
Sheriff
Posts: 17278
Well, in the case of RMI, it is the RMISecurityManager class. It basically is your security. Security is allowing or disallowing a user to do something. For instance, you have a file that you only want certain people to be able to open, or a file that you want to be read-only to users. That is security.
I would suggest going to Sun's Java Tutorials and reading the Security section to learn more.
Mark
 
Ramesh kumaar
Ranch Hand
Posts: 146
Hi Mark,
I read the following in the Java API docs:
RMISecurityManager provides an example security manager for use by RMI applications that use downloaded code. RMI's class loader will not download any classes from remote locations if no security manager has been set.
If we need to load any class dynamically, then I think the above may be useful.
But as per our requirement we can have our own securityManager class by just extending SecurityManager class as follows.

    public class FBNSecurityMgr extends SecurityManager
    {
        public FBNSecurityMgr()
        {
            // Whatever you would like to have
        }

        // SecurityManager declares checkAccess(Thread) and checkAccess(ThreadGroup),
        // so this (String, int) version is a new overload, not an override.
        public void checkAccess(String host, int port)
        {
            //
        }

        // Overrides SecurityManager.checkAccept; an empty body throws nothing,
        // so every accepted connection passes this check.
        public void checkAccept(String host, int port)
        {
        }
    }

The above securityMgr will be used in the RMIImplementation class as follows.

    public class FBNRMIImpl extends Unicas...
    {
        public FBNRMIImpl()
        {
            // Installs the custom manager for the whole JVM
            System.setSecurityManager(new FBNSecurityMgr());
        }
    }

Mark, I would just like to confirm that the above approach is correct.
thanks & regards,
-rameshkumar
 
Sai Prasad
Ranch Hand
Posts: 560
But as per our requirement we can have our own securityManager class by just extending SecurityManager class as follows.

I don't think this is mentioned in the requirement. Maybe you are referring to the allowed command line configuration parameters. I suggest not using RMI Security Manager or a java.policy file for this assignment. Also you need to defend your choice in the design documentation.
 
Ramesh kumaar
Ranch Hand
Posts: 146
Hi Sai,
--------------------------------------------------
Also you need to defend your choice in the design documentation.
--------------------------------------------------
Give me some good reasons for not implementing the SecurityManager.
thanks & regards,
-rameshkumar
 
Mark Spritzler
ranger
Sheriff
Posts: 17278
One reason is that it does not specifically require you to have one. Second, you are not dynamically downloading, so you don't need one at the server. The server is started by the server admin, who already has access to all the stuff you might want to protect. So the only place where there might be a rogue/hacker is at the client end. You can put one there, but why go through the extra 5 minutes when you don't have to?
Mark
 
Sai Prasad
Ranch Hand
Posts: 560
Since _stub instances are bundled along with the client files, you don't have to have an RMI Security Manager to watch for the codebase.
The reasons for bundling the _Stub instances are that you don't want to have an HTTP server or use a file URL. Having said that, people cleverly used a file URL by reading the current directory inside the server-side program and setting the system property.
Basically, if you are not using codebase and bundle the _stub class files in the client jar, you don't have to use java.policy or RMI Security Manager.
 
Ramesh kumaar
Ranch Hand
Posts: 146
Thanks Mark, Prasad.

I decided not to use SecurityManager. Thanks a lot for your immediate reply.
-rameshkumar
 